package me.hbz.myblog.filter;



import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import me.hbz.myblog.domain.User;


@WebFilter("/admin/*")
public class AuthorizeFilter implements Filter {

	public void destroy() {

	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {

		HttpServletRequest req = (HttpServletRequest) request;

		// 获取session对象
		HttpSession session = req.getSession();

		// 从会话获取管理员用户
		User admin = (User) session.getAttribute("admin");

		if (admin != null) {
			// 用户不为空，则说明用户已经登录，继续执行
			chain.doFilter(request, response);
		} else {
			// 用户未登录，则请求转发到登录页面，附带提示信息
			req.setAttribute("message", "你尚未登录，请登录.");
			req.getRequestDispatcher("/login.jsp").forward(request, response);
		}

	}

	public void init(FilterConfig fConfig) throws ServletException {

	}

}
